org.freedesktop.portal.Flatpak

org.freedesktop.portal.Flatpak — Flatpak portal

Methods

Spawn               (IN  ay    cwd_path,
                     IN  aay   argv,
                     IN  a{uh} fds,
                     IN  a{ss} envs,
                     IN  u     flags,
                     IN  a{sv} options,
                     OUT u     pid);
SpawnSignal         (IN  u     pid,
                     IN  u     signal,
                     IN  b     to_process_group);
CreateUpdateMonitor (IN  a{sv} options,
                     OUT o     handle);

Signals

SpawnStarted (u pid,
              u relpid);
SpawnExited  (u pid,
              u exit_status);

Properties

version   readable   u
supports  readable   u

Description

The flatpak portal exposes some interactions with flatpak on the host to the sandbox. For example, it allows you to restart the application or start a more sandboxed instance.

This portal is available on the D-Bus session bus under the bus name org.freedesktop.portal.Flatpak and the object path /org/freedesktop/portal/Flatpak.

This documentation describes version 6 of this interface.

Method Details

The Spawn() method

Spawn (IN  ay    cwd_path,
       IN  aay   argv,
       IN  a{uh} fds,
       IN  a{ss} envs,
       IN  u     flags,
       IN  a{sv} options,
       OUT u     pid);

This method lets you start a new instance of your application, optionally enabling a tighter sandbox.

The following flags values are supported:

1 (FLATPAK_SPAWN_FLAGS_CLEAR_ENV)

Clear the environment.

2 (FLATPAK_SPAWN_FLAGS_LATEST_VERSION)

Spawn the latest version of the app.

4 (FLATPAK_SPAWN_FLAGS_SANDBOX)

Spawn in a sandbox (equivalent of the sandbox option of flatpak run).

8 (FLATPAK_SPAWN_FLAGS_NO_NETWORK)

Spawn without network (equivalent of the unshare=network option of flatpak run).

16 (FLATPAK_SPAWN_FLAGS_WATCH_BUS)

Kill the sandbox when the caller disappears from the session bus.

32 (FLATPAK_SPAWN_FLAGS_EXPOSE_PIDS)

Expose the sandbox PIDs in the caller's sandbox. Only supported if using user namespaces for containers (not setuid); see the supports property.

This was added in version 3 of this interface (available from flatpak 1.6.0 and later).

64 (FLATPAK_SPAWN_FLAGS_NOTIFY_START)

Emit a SpawnStarted signal once the sandboxed process has been fully started.

This was added in version 4 of this interface (available from flatpak 1.8.0 and later).

128 (FLATPAK_SPAWN_FLAGS_SHARE_PIDS)

Expose the sandbox process IDs in the caller's sandbox and the caller's process IDs in the new sandbox. Only supported if using user namespaces for containers (not setuid); see the supports property.

This was added in version 5 of this interface (available from flatpak 1.10.0 and later).

256 (FLATPAK_SPAWN_FLAGS_EMPTY_APP)

Don't provide app files at /app in the new sandbox. Instead, /app will be an empty directory. This flag and the app-fd option are mutually exclusive.

As with the app-fd option, the caller's Flatpak app files and extensions will be mounted on /run/parent/app, with filenames like /run/parent/app/bin/myapp.

This was added in version 6 of this interface (available from flatpak 1.12.0 and later).

Unknown (unsupported) flags are an error and will cause Spawn() to fail.

Unknown (unsupported) options are ignored. The following options are supported:

sandbox-expose as

A list of filenames for files inside the sandbox that will be exposed to the new sandbox, for reading and writing. Note that absolute paths or subdirectories are not allowed.

The files must be in the sandbox subdirectory of the instance directory (i.e. ~/.var/app/$APP_ID/sandbox).

sandbox-expose-ro as

A list of filenames for files inside the sandbox that will be exposed to the new sandbox, read-only. Note that absolute paths or subdirectories are not allowed.

The files must be in the sandbox subdirectory of the instance directory (i.e. ~/.var/app/$APP_ID/sandbox).

sandbox-expose-fd ah

A list of file descriptors for files inside the sandbox that will be exposed to the new sandbox, for reading and writing (if the caller has write access). The file descriptors must be opened with O_PATH and O_NOFOLLOW and cannot be symlinks.

This was added in version 3 of this interface (available from flatpak 1.6.0 and later).

sandbox-expose-fd-ro ah

A list of file descriptors for files inside the sandbox that will be exposed to the new sandbox, read-only. The file descriptors must be opened with O_PATH and O_NOFOLLOW and cannot be symlinks.

This was added in version 3 of this interface (available from flatpak 1.6.0 and later).

sandbox-flags u

Flags affecting the created sandbox. The following flags values are supported:

1

Share the display access (X11, wayland) with the caller.

2

Share the sound access (pulseaudio) with the caller.

4

Share the gpu access with the caller.

8

Allow sandbox access to (filtered) session bus.

16

Allow sandbox access to accessibility bus.

This was added in version 3 of this interface (available from flatpak 1.6.0 and later).

unset-env as

A list of environment variables to unset (remove from the environment).

This was added in version 5 of this interface (available from flatpak 1.10.0 and later).

usr-fd h

A file descriptor for the directory that will be used as /usr in the new sandbox, instead of the files directory from the caller's Flatpak runtime. The new sandbox's /etc will be based on the etc subdirectory of the given directory, and compatibility symlinks in its root directory (/lib, /bin and so on) will point into the given directory. The caller's Flatpak runtime and its extensions will be mounted on /run/parent/usr, with filenames like /run/parent/usr/bin/env, and compatibility symlinks like /run/parent/bin → usr/bin.

The file descriptor must be opened with O_PATH and O_NOFOLLOW and cannot be a symlink.

This was added in version 6 of this interface (available from flatpak 1.12.0 and later).

app-fd h

A file descriptor for the directory that will be used as /app in the new sandbox, instead of the files directory from the caller's Flatpak app. The caller's Flatpak app files and extensions will be mounted on /run/parent/app, with filenames like /run/parent/app/bin/myapp.

This option and the FLATPAK_SPAWN_FLAGS_EMPTY_APP flag are mutually exclusive.

The file descriptor must be opened with O_PATH and O_NOFOLLOW and cannot be a symlink.

This was added in version 6 of this interface (available from flatpak 1.12.0 and later).

IN ay cwd_path:

the working directory for the new process

IN aay argv:

the argv for the new process, starting with the executable to launch

IN a{uh} fds:

an array of file descriptors to pass to the new process

IN a{ss} envs:

an array of variable/value pairs for the environment of the new process

IN u flags:

flags

IN a{sv} options:

Vardict with optional further information

OUT u pid:

the PID of the new process
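
Because unknown flags make Spawn() fail while unknown options are ignored, a caller that relies on an option such as unset-env or app-fd should compare its request against the version and supports properties before sending it. The Python check below is an added example, not part of the portal or of Flatpak; check_spawn_request and its table names are hypothetical, and the version numbers are the ones listed above.

```python
from enum import IntFlag

class SpawnFlags(IntFlag):            # values from the flags list above
    CLEAR_ENV = 1
    LATEST_VERSION = 2
    SANDBOX = 4
    NO_NETWORK = 8
    WATCH_BUS = 16
    EXPOSE_PIDS = 32
    NOTIFY_START = 64
    SHARE_PIDS = 128
    EMPTY_APP = 256

SUPPORT_EXPOSE_PIDS = 1               # FLATPAK_SPAWN_SUPPORT_FLAGS_EXPOSE_PIDS
KNOWN_FLAGS = 0x1FF                   # every flag bit defined up to version 6

# Interface version that introduced each flag or option, as stated above.
FLAG_SINCE = {SpawnFlags.EXPOSE_PIDS: 3, SpawnFlags.NOTIFY_START: 4,
              SpawnFlags.SHARE_PIDS: 5, SpawnFlags.EMPTY_APP: 6}
OPTION_SINCE = {"sandbox-expose-fd": 3, "sandbox-expose-fd-ro": 3,
                "unset-env": 5, "usr-fd": 6, "app-fd": 6}

def check_spawn_request(flags, options, version, supports):
    """Return a list of problems; an empty list means the request is consistent."""
    flags, problems = int(flags), []
    if flags & ~KNOWN_FLAGS:
        problems.append(f"unknown flag bits {flags & ~KNOWN_FLAGS:#x}: Spawn() will fail")
    for flag, since in FLAG_SINCE.items():
        if flags & flag and version < since:
            problems.append(f"{flag.name} needs version {since}: unsupported flag")
    pid_flags = SpawnFlags.EXPOSE_PIDS | SpawnFlags.SHARE_PIDS
    if flags & pid_flags and not (supports & SUPPORT_EXPOSE_PIDS):
        problems.append("PID flags need the EXPOSE_PIDS bit in 'supports'")
    if flags & SpawnFlags.EMPTY_APP and "app-fd" in options:
        problems.append("EMPTY_APP and app-fd are mutually exclusive")
    for name in options:
        if version < OPTION_SINCE.get(name, 0):
            problems.append(f"{name} needs version {OPTION_SINCE[name]}: would be ignored")
    for key in ("sandbox-expose", "sandbox-expose-ro"):
        for filename in options.get(key, []):
            if "/" in filename:       # absolute paths and subdirectories are not allowed
                problems.append(f"{key}: {filename!r} is not a plain filename")
    return problems

if __name__ == "__main__":
    # Constructed request: sandboxed, no network, one variable unset, against a version 4 portal.
    request_flags = SpawnFlags.SANDBOX | SpawnFlags.NO_NETWORK
    print(check_spawn_request(request_flags, {"unset-env": ["API_TOKEN"]}, 4, 0))
```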


The SpawnSignal() method

SpawnSignal (IN  u pid,
             IN  u signal,
             IN  b to_process_group);

This method lets you send a Unix signal to a process that was started with Spawn(). The pid argument here should be the PID that is returned by the Spawn() call: it is not necessarily valid in the caller's PID namespace.

IN u pid:

the PID inside the container to signal

IN u signal:

the signal to send (see signal(7))

IN b to_process_group:

whether to send the signal to the process group


The CreateUpdateMonitor() method

CreateUpdateMonitor (IN  a{sv} options,
                     OUT o     handle);

Creates an update monitor object that will emit signals when an update for the caller becomes available, and can be used to install it.

The handle will be of the form /org/freedesktop/portal/Flatpak/update_monitor/SENDER/TOKEN, where SENDER is the caller's unique name, with the initial ':' removed and all '.' replaced by '_', and TOKEN is a unique token that the caller can optionally provide with the 'handle_token' key in the options vardict.

Currently, no other options are accepted.

This was added in version 2 of this interface (available from flatpak 1.5.0 and later).

IN a{sv} options:

Vardict with optional further information

OUT o handle:

Object path for the org.freedesktop.portal.Flatpak.UpdateMonitor object

Signal Details

The "SpawnStarted" signal

SpawnStarted (u pid,
              u relpid);

Emitted when a process started by Spawn() has fully started. In other words, Spawn() returns once the sandbox has been started, and this signal is emitted once the process inside it has started.

The relpid value is only non-zero if the expose PIDs flag (32) or the share PIDs flag (128) was passed to Spawn(), and it may still be zero if the process exits before its relative PID could be read.

Only emitted by version 4 of this interface (available from flatpak 1.8.0 and later) and if the notify start flag (64) was passed to Spawn().

u pid:

the PID of the process that has been started

u relpid:

the PID of the process relative to the current namespace.


The "SpawnExited" signal

SpawnExited (u pid,
             u exit_status);

Emitted when a process started by Spawn() exits. Use g_spawn_check_exit_status(), or the macros such as WIFEXITED documented in waitpid(2), to interpret the exit_status.

This signal is not emitted for processes that were not launched directly by Spawn(), for example if a process launched by Spawn() runs foreground or background child processes.

u pid:

the PID of the process that has ended

u exit_status:

the wait status (see waitpid(2))
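
The exit_status carried by SpawnExited is a wait status, not an exit code, so a helper that was killed by a signal has to be told apart from one that returned non-zero. The Python bookkeeping below is an added example, not Flatpak code; SpawnTracker and its method names are hypothetical, the status values in the demo are constructed, and entries are keyed on the PID returned by Spawn().

```python
import os
import signal

class SpawnTracker:
    """Bookkeeping for processes started through Spawn(), keyed by the PID it returned."""

    def __init__(self):
        self.children = {}      # Spawn() pid -> {"argv0": str, "relpid": int or None}

    def spawned(self, pid, argv0):
        self.children[pid] = {"argv0": argv0, "relpid": None}

    def on_spawn_started(self, pid, relpid):
        # relpid is 0 unless flag 32 or 128 was passed, and may be 0 even then.
        if pid in self.children and relpid != 0:
            self.children[pid]["relpid"] = relpid

    def on_spawn_exited(self, pid, exit_status):
        """Return (argv0, outcome, detail) for a SpawnExited(pid, exit_status) signal."""
        child = self.children.pop(pid, None)
        if child is None:
            return (None, "untracked", pid)      # not a PID this caller got from Spawn()
        if os.WIFEXITED(exit_status):
            return (child["argv0"], "exited", os.WEXITSTATUS(exit_status))
        if os.WIFSIGNALED(exit_status):
            name = signal.Signals(os.WTERMSIG(exit_status)).name
            return (child["argv0"], "killed", name)
        return (child["argv0"], "other", exit_status)

if __name__ == "__main__":
    tracker = SpawnTracker()
    tracker.spawned(101, "thumbnailer")
    tracker.spawned(102, "decoder")
    # Constructed wait statuses: exit code 3, then SIGSEGV with the core-dump bit set.
    print(tracker.on_spawn_exited(101, 3 << 8))
    print(tracker.on_spawn_exited(102, 11 | 0x80))
```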

Property Details

The "version" property

version  readable   u


The "supports" property

supports  readable   u

Flags marking what optional features are available. The following flags values are supported:

1 (FLATPAK_SPAWN_SUPPORT_FLAGS_EXPOSE_PIDS)

Supports the expose sandbox pids flag of Spawn. If the version of this interface is 5 or later, this also indicates that the share sandbox pids flag is available.

This was added in version 3 of this interface (available from flatpak 1.6.0 and later).